Large corporates quietly run supplier dependency assessments on their vendors. Most SMEs have never heard of this process. Here’s what it is, what triggers a risk flag, and what you can do about it before the conversation changes.
Somewhere in your largest corporate client’s procurement team, there is a structured evaluation running on your business. Not a performance review. Not a satisfaction score. A dependency assessment a systematic measurement of how reliant your company is on them for its survival.
The process has a name: a Supplier Dependency Assessment. You may also encounter it under related labels vendor concentration risk analysis, supplier criticality assessment, or third-party dependency review. The terminology shifts slightly across frameworks. The underlying question does not.
That question is: “How dependent is this supplier on us?”
Most SMEs have never been asked this question directly. The ones who have something in that business relationship was already shifting.
What a Supplier Dependency Assessment Actually Measures
The primary metric is revenue concentration: what percentage of the vendor’s total annual revenue comes from this one corporate client. It is a simple calculation with significant consequences.
Procurement and risk frameworks typically use a four-band classification system:

Revenue concentration is the starting point, not the only data point. Sophisticated assessments also examine: the vendor’s overall financial stability, customer diversification across the vendor’s full client base, operational reliance (dedicated staff, infrastructure, or processes built around a single client), and switching costs for both parties.
Run your own numbers honestly. If you have an anchor corporate client, where do you sit on that table?
Many SMEs growing well with a major client will land in the high to extreme band — sometimes at seventy or eighty percent revenue concentration. In a formal TPRM system, entering that band does not just raise a flag. It moves the vendor into a monitoring category that shapes how the next contract renewal is handled, before anyone picks up the phone.
Why Corporates Run This Assessment
There are four reasons large corporates conduct supplier dependency assessments and understanding all four changes how you approach the relationship.
1.Vendor Viability Risk
A supplier generating seventy percent of its revenue from one client is financially fragile. If that client reduces spend, restructures, or switches providers, the supplier’s business may not survive. Corporates track this because a financially unstable vendor is an operationally unreliable vendor. A fragile supplier is not a reliable supplier.
2. Power Imbalance and Negotiation Dynamics
A vendor that depends heavily on one client will accept terms that a financially independent vendor would not. Unfavourable payment structures, scope creep, perpetual revisions. Some procurement teams deliberately avoid becoming too dominant a client because of the ethical and reputational exposure this creates. Aggressive buyers have been burned before. Your day-to-day contact does not have authority to override a risk classification that sits with legal and audit.
3. Operational Resilience
If a vendor has built dedicated staff, infrastructure, or processes entirely around one client, what happens operationally on both sides if the relationship breaks down? Concentration in operational structure is as risky as concentration in revenue. The assessment evaluates whether the relationship is structurally sustainable.
4. Regulatory and Governance Requirements
Large companies now run formal Third-Party Risk Management (TPRM) programmes as a governance requirement. Frameworks from ISO, NIST, and COSO require structured assessment of supplier financial resilience and concentration risk. This is not the procurement manager’s personal preference it is an audit and legal sign-off requirement. Whatever relationship you have built with your day-to-day contact does not override it.
The Perspective Gap Most Vendors Miss
From the vendor’s side, high revenue from one corporate client feels like loyalty. It feels like trust built over years. It feels like the account was earned.
“What feels like loyalty from your desk looks like concentration risk from theirs.”
From the procurement team’s side, the same situation reads as financial fragility and structural risk. A vendor doing seventy to eighty percent of its revenue from one corporate client will trigger alarms in a sophisticated TPRM system. Not because the quality of work is poor. Because the underlying structure is fragile.
This is the strategic nuance most SMEs never encounter because the assessment runs without them. There is no invitation to participate. No notification that the evaluation is underway. You find out through a questionnaire, or the first signal is a contract renewal conversation that feels different from previous years.
Where This Assessment Actually Shows Up
Supplier dependency analysis surfaces across the full lifecycle of a corporate vendor relationship and increasingly, beyond it:
- Vendor onboarding questionnaires — new corporate clients will ask directly about your revenue distribution across clients
- ESG and third-party risk reviews — now standard in financial services, retail, and government-adjacent sectors across East Africa
- Annual supplier financial health reviews — particularly at contract renewal junctures
- Investor due diligence — a concentrated client base is a structural red flag in any investment or funding assessment
- Pre-qualification for large tenders — government and large institutional tenders increasingly include vendor financial resilience questions
The common thread: in each of these contexts, your concentration profile is being assessed by someone with a decision-making stake in the outcome. The vendor is often the last to know the question is even being asked.
Three Things SMEs Should Do Now
Practical steps; vendor-side dependency management
- First, know your own number. Calculate what percentage of your revenue comes from your top one or two clients. Above fifty percent places you in territory that will raise flags in most TPRM frameworks. That is not a crisis, but it is information you need to be actively managing.
- Second, build your narrative. If a questionnaire is coming, prepare a clear, confident answer about your diversification direction. Procurement teams assess trajectory, not just a snapshot. A vendor showing two new clients added in the last eighteen months reads differently than one showing the same single client for three years running.
- Third, do the actual work in parallel. Even pulling a second client to thirty percent of your total revenue materially shifts your risk classification — from extreme to high. That shift changes how a renewal conversation opens before anyone has said a word about price.
Two Versions of This Conversation
There is a version of this process where your corporate client surfaces the assessment openly and you work through it together. They share their concerns about concentration, you present your diversification strategy, and both parties leave the conversation with a clearer structure.
There is another version where the reclassification happens internally, the contingency planning is quietly updated, and the first signal you receive is a contract renewal that feels different from previous years such as shorter terms, less favourable pricing, new conditions that weren’t there before.
Most vendors experience the second version. Not because of poor performance. Because they were not managing their concentration profile proactively.
Know How Your Profile Reads Before Someone Else Does
We run supplier dependency assessments from the vendor side, mapping your revenue concentration, preparing your TPRM questionnaire responses and reviewing your profile ahead of tenders and contract renewals.
Be heard MSMES.
At BizInfo Africa, we’re committed to spotlighting the people, data, and deals that prove Africa isn’t high-risk,it’s high-potential.
For more stories, reliable SME and on-the-ground insights?
Visit bizinfo-africa.com. | #BizInfo_Africa
Need credible verification, market entry intelligence, or due diligence in Kenya and across Africa?
Partner with ASAP Information Services: asapinform.com | #ASAP_Inform